For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

FSC-IT_27241's avatar
FSC-IT_27241
Icon for Nimbostratus rankNimbostratus
Apr 21, 2008

dazed and confused irule newbie http to https

I have a site that I am using the profile to rewrite all to map http to https. The trouble is any url redirects the site has to other sites it is also putting those to https which may or may not be s...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 22, 2008
Is the insecure content warning happening because the application is sending a redirect to an http URL hosted on the VIP? Or does the page content contains absolute references to http content (http://example.com/file.jpg for example)? If it's the former, you can rewrite the redirect if it contains your domain using a rule like this:


when HTTP_REQUEST {
    Save the requested host header value for reference in the response
   set host [HTTP::host]
}
when HTTP_RESPONSE {
    Check if this is a redirect (30x response status)
   if {[HTTP::is_redirect]}{
       Replace the http://host with https://host in the Location header
      HTTP::header replace Location [string map -nocase "http://$host" "https://$host" [HTTP::header value Location]]
   }
}

This assumes that you only want to rewrite the Location value from http to https if the host in the redirect Location header is what the client requested.

If the page content contains absolute references to http://, you can use a blank stream profile and an iRule to replace http with https in the response content. Check the STREAM::expression wiki page (Click here) for an example.

Aaron